Announcements from the MAG & Featured Articles

If we want to stop Groundhog’s Day, the payments industry needs to leverage open, consensus-based standards which fosters increased market competition that results in growth and innovation of creative payment solutions. Until then, the past will be the predictor of the future.

Those of us in the payments industry understand that EMV is a specification owned by EMVCo, a membership organization made up of the six global payment networks. All decisions regarding the EMV spec are made by these global payment brands. Layered on top of this technical spec are proprietary rules and practices unique to each payment brand that the rest of the ecosystem must follow or risk negative implications. In the U.S., it was decided by these payment brands to deploy EMV different than every other country in the world. Why?

Possibly because the American is incapable of remembering a 4-digit PIN code which is static and less secure. Really? First, I am certain the American people have the intellect to remember a 4-digit code. Second, the PIN has proven to be a more effective approach to authentication than signature has or ever could be.

Possibly because of debit regulatory reforms that require merchant routing choice on every debit transaction. This did offer some nuances but the approach taken unnecessarily segregated domestic debit networks from the global payment networks on EMV chip technology which results in additional cost and development to enable merchant debit routing choice, a right granted by U.S. law six years ago. We have all experienced the implications of these decisions as 1/ a consumer with our own chip card trying to buy goods at retail locations where prompted to select Visa Debit or US Debit (huh?) and as 2/ a merchant having to incur a greater investment to ensure the best customer experience in the most cost efficient manner is deployed.

Possibly EMV was deployed in the U.S. differently because of the increased complexity resulting from the mass number of payment card issuing financial institutions. Among all the possibilities, the most likely was to enable the incumbent global payment networks’ retention of market share and transaction volumes that deliver significant revenue streams for those payment networks and their issuing bank partners.

This is what happens when only a select few have the decision-making power over payment specifications or standards, a critical component within global commerce impacting all stakeholders. So, what’s next? Without any glimpse of change, our past is a predictor of the future. This snowball will continue into the age of digital commerce. In fact, the same story has begun to unfold.

Consumers are demanding a new way to explore, shop, evaluate, compare, earn, and simply EXPERIENCE commerce. These are the lead actors of the future for digital commerce and the evolving consumer experience. Mobile is a channel with unique opportunity to deliver on these consumer expectations. Although payment isn’t the lead actor in mobile commerce, it does play a very important supporting role that must make sure the lead actors of the experience shine.

An effective payment technology that enables mobile payment is tokenization. Tokens essentially replace the PAN such that if compromised, the data accessed is rendered useless. This is transparent to the customer experience. The ability to eliminate the value of payment data is definitely a move in the right direction as a foundation for payment security.

Just like EMV, the use of tokens or alternate PANs has been in place for some time in other markets like Europe for their host-card emulation (HCE) based payment services. Unfortunately, recent announcements made by Visa suggest that the use of these alternative PANs will come up against an expiry date according to Visa rules and policies. Instead, Visa will require that no competitive alternative solution to Visa’s Token Service (VTS) will be allowed on digital transactions that involve a Visa payment card (i.e. mobile, in-app, or online). Yes, this is another example of a specification owned by EMVCo, led by the global brands, with proprietary rules and practices layered on top.

VTS is predicated on Visa as the sole Token Service Provider (TSP) regardless of whether another third party could do the same even if they comply with the EMVCo tokenization guidelines. This means that only Visa can issue, encrypt, and decrypt tokens for mobile transactions where a Visa card is used.

So, let me get this straight. An issuer such as Wells Fargo with its own technology solution to disguise the PAN for a Visa mobile transaction in which Wells Fargo is both the issuer and acquirer (an on-us transaction) would be required to now route that transaction to Visa’s network for decryption under Visa’s rules which was not otherwise necessary for on-us transactions. Seems to me that this is an opportunity to drive more volume to Visa. Brilliant approach.

My understanding is that this scenario would similarly impact transactions for U.S. domestic debit network competitors of Visa on Visa branded debit cards. For example, SHAZAM would be required to route its transactions through Visa’s networks in accordance with Visa’s rules for Visa/SHAZAM co-badged debit cards. Not cool. Why can’t SHAZAM be a TSP if they comply with the EMVCo tokenization guidelines? Why does a bank, merchant, or debit network competitor of have to route mobile transactions through Visa’s network that would otherwise not be required to? Oh yah…proprietary technologies developed collectively by global payment schemes with proprietary rules and policies layered on top.

If we want to stop Groundhog’s Day, the payments industry needs to leverage open, consensus-based standards which fosters increased market competition that results in growth and innovation of creative payment solutions. Until then, the past will be the predictor of the future.